[
https://issues.apache.org/jira/browse/NIFI-6868?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16974233#comment-16974233
]
Rob Fellows commented on NIFI-6868:
-----------------------------------
[~andrewmlim] I was also able to successfully use sensitive parameters for all
4 of the GetTwitter properties (Consumer Key, Consumer Secret Key, Access
Token, Access Token Secret).
I did a bit of quick debugging and found a difference in how those 2 processors
get the values for their properties.
The GetTwitter processor just gets the value from the ProcessContext:
[https://github.com/apache/nifi/blob/cded30b3d2dc0497cf3d06051f55ca304c744250/nifi-nar-bundles/nifi-social-media-bundle/nifi-twitter-processors/src/main/java/org/apache/nifi/processors/twitter/GetTwitter.java#L238-L241]
The GetSFTP processor adds a step and calls evaluateAttributeExpressions:
[https://github.com/apache/nifi/blob/ff6a7d95613fc01601d3f60b5fb976c10d89949f/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/util/SFTPTransfer.java#L593]
If you follow that path it ends up in the ParameterExpression class where it
always returns null for sensitive parameters:
[https://github.com/apache/nifi/blob/4f50f30ad7329540a707be835c23acee86d4cfb4/nifi-commons/nifi-expression-language/src/main/java/org/apache/nifi/attribute/expression/language/ParameterExpression.java#L30-L33]
It is null that is then sent on to the sftp server for auth as the password,
and that is why it fails.
> Sensitive parameters not evaluated properly when executing processor that
> references one.
> -----------------------------------------------------------------------------------------
>
> Key: NIFI-6868
> URL: https://issues.apache.org/jira/browse/NIFI-6868
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Affects Versions: 1.10.0
> Reporter: Rob Fellows
> Priority: Major
>
> Configuring a processor with a sensitive property value set to reference a
> sensitive parameter does not evaluate properly.
>
> An easy way to reproduce this is to create a GetSFTP processor to use a
> sensitive parameter for the "password" property. You can use a publicly
> available SFTP server like:
>
> {{hostname: test.rebex.net}}
> {{password: password}}
>
> Connect this GetSFTP processor to an Add a LogMessage or some other processor
> and start the GetSFTP processor.
>
> When the password property is entered as a string of "password", it works.
> If you create a parameter in the parameter context, say password, and
> reference it as the property value, "#\{password}", you will see failures
> that it can not connect.
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
